T-Mobile Fined $33 Million in SIM Swapping Lawsuit
T-Mobile has been hit with a massive fine of $33 million after a customer lost millions in cryptocurrency in a devastating SIM swapping attack. The Los Angeles-based law firm Greenberg Glusker announced today that it has secured a significant arbitration award against T-Mobile over the telco's mishaps related to the SIM swap hack.
A T-Mobile customer, Joseph "Josh" Jones, lost his entire crypto fortune due to a major security failure in February 2020. The attack saw thieves steal more than 1,500 Bitcoin (BTC) and nearly 60,000 Bitcoin Cash (BCH), valued at $38 million at the time.
Greenberg Glusker suggests that numerous security failures at T-Mobile led to the SIM swap incident, which sparked a massive legal battle. The law firm notes that the parties have kept the court ruling in the lawsuit under wraps since the fall of 2023, with T-Mobile reportedly not wanting details of the security flaws to come out.
However, a recent petition to confirm the award brought those details into public view. According to the source, the threat actors managed to hijack Jones' T-Mobile account, even with enhanced PIN protection. An employee of the carrier facilitated the attack by agreeing to move Jones' mobile number to a SIM card owned by the threat actor.
Despite the robust security measures in place, the attacker was able to exploit a backdoor on the carrier's systems, allowing them to conduct the attack with ease. "SIM swapping has been an unchecked security flaw for years," said Paul Blechner of Greenberg Glusker. "Carriers like T-Mobile have known about it and failed to take basic precautions. This award makes it clear: they must do better."
Investigations into the incident revealed that a 17-year-old carried out the SIM swapping attack. He reportedly had links with other cybercriminals, who targeted over 100 Twitter accounts in 2020, including those belonging to high-profile figures such as Joe Biden, Elon Musk, Bill Gates, and Jeff Bezos.
T-Mobile has been involved in SIM swapping attacks before. In 2022, a US man was sentenced for stealing $20 million in crypto via a SIM swap attack. A year later, a SIM swapping attack involving T-Mobile targeted advisory firm Kroll, exposing data from many bankrupt crypto firms, including Genesis, FTX, and BlockFi.
This latest fine serves as a stark reminder of the risks associated with SIM swapping attacks and the importance of having robust security measures in place to prevent such incidents. As Blechner noted, "it's clear that carriers like T-Mobile must do better" to protect their customers from these types of threats.